Communications of the IIMA


IT organizations and CEO’s are, and should be, worried these days about the (lack of) data confidentiality and the usage of “shadow” IT systems by employees. In addition to the company’s risk of monetary loss or public embarrassment, the senior management themselves increasingly risk personal fines or even imprisonment. Several trends reinforce the attention for these subjects, including the fact that an increasing number of employees perform parts of their work tasks from home (RSA, 2007) and the increasing bandwidth available to users which makes them rely on the Internet for satisfying their business and personal computing needs (Desisto, Plummer, & Smith, 2008). Employees’ complying with the existing IT security policies is therefore essential. This paper presents a study on one of the factors that influence non-compliance behavior of insiders or employees in organizations: National Culture. The expected influence derived from researching literature has been tested in a survey study amongst employees of a big-5 accountancy firm in the Netherlands and Belgium. The study concludes that cultural aspects are indeed important factors influencing non-compliance behavior, but that not all expectations were confirmed.